<?php

session_start();
$HTTP_REFERER = $_SERVER['HTTP_REFERER'];
if ((!$_POST['user']) || (!$_POST['pass'])) {
  header("Location: index.php");
  exit();
}
$user = addslashes($_POST['user']);
$pass = addslashes(md5($_POST['pass']));

$db = sqlite_open("config.db");
$sql = sqlite_query($db, "SELECT * FROM users WHERE name='$user' AND password='$pass'");

if (sqlite_num_rows($sql) > 0) {
  $data = sqlite_fetch_array($sql);
  session_register('user');
  $_SESSION['user'] = $data['name'];
  if ($data['admin'] == 1) {
    session_register('admin');
    $_SESSION['admin'] = $data['admin'];
  }
  session_register('queue');
  session_register('playing');
  header("Location: $HTTP_REFERER");
  exit();
}
else {
  header("Location: $HTTP_REFERER");
  exit();
}
?>
